Phishers target flaw on Google

Scam redirects web users to malware sites

Dinah Greek, Computeract!ve 19 Mar 2008

Cybercriminals are using a loophole in Google’s website to redirect users to malicious websites that try to install malware on their PCs, security software developer McAfee has found.

This type of scam is not new, having been used on Yahoo and Microsoft's MSN sites before, but the success phishers have had using this technique means it is becoming increasingly prevalent.

The scam exploits a so-called open redirect on Google’s website. McAfee said earlier this year it found that spammers were using Google page ads in HTML-formatted emails to redirect users to their sites.

It thought the Google page ads were being used to conceal the actual URL and subvert traditional anti-spam detection techniques. However, it seems the linked URL can be changed to point to any site, as no validation appears to be carried out at Google’s end.

This open redirect lets anyone craft a link that looks as if it leads to the search engine, but actually goes elsewhere on the web.

McAfee Avert Labs researcher Vinoo Thomas said on his blog: “Although this type of technique is not necessarily new, the problem is that Google is not preventing the redirects to such sites.

“Google must be aware of this redirect abuse, and it’s hard to understand why they don’t prevent these redirects working for known bad file types or for spam and malware sites.”
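The missing validation described above, seen from the defender's side, as an added example (not code from the article, McAfee or Google): a redirect endpoint that forwards only to an allowlist of hosts and, as Thomas suggests, refuses known bad file types. The host names, extension list and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit
import posixpath

# Assumption: the only hosts this hypothetical site will redirect to.
ALLOWED_HOSTS = {"www.example.com", "ads.example.com"}
# Assumption: file types the endpoint refuses to send users to.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat"}


def is_safe_redirect(target: str) -> bool:
    """Return True only for an absolute http(s) URL on an allowed host."""
    # Browsers treat backslashes as slashes and drop some control characters,
    # so the server and the browser could disagree about the host. Reject them.
    if not target or "\\" in target or any(ord(c) < 0x21 for c in target):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname  # lower-cased, without port or userinfo
    except ValueError:
        return False
    # Scheme-relative ("//host/...") and non-web schemes are refused outright.
    if parts.scheme not in ("http", "https"):
        return False
    # "allowed-host@other-host" puts the trusted name in the userinfo part.
    if parts.username is not None or parts.password is not None:
        return False
    # Exact match only: a suffix or substring test would accept look-alikes.
    if host is None or host.rstrip(".") not in ALLOWED_HOSTS:
        return False
    # Coarse file-type filter on the path, applied after the host check.
    ext = posixpath.splitext(parts.path)[1].lower()
    return ext not in BLOCKED_EXTENSIONS


def redirect_location(target: str, fallback: str = "/") -> str:
    """Value for the Location header: the target if safe, else a local page."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the article.
    for url in ("https://ads.example.com/offer",
                "http://malware.example.net/setup.exe",
                "//malware.example.net/"):
        print(f"{url!r:45} -> {redirect_location(url)!r}")
```

Sending rejected targets to a local fallback page keeps the endpoint from being usable as a cloak for arbitrary destinations.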

